Top offending countries: Yugoslavia, Nigeria, Romania

Below:

Next story in Security

Selling stuff online? Beware orders from Yugoslavia, Nigeria, Romania, Pakistan and Indonesia. A study released Thursday claims that more than 40 percent of all credit card fraud suffered by U.S. companies online is committed by overseas crooks, with orders from those five countries the most likely to be cons.

But selling internationally isn't automatically risky. The study also showed that fraud rates among sales to New Zealand, Switzerland, Japan, France and Italy are lower than fraud rates for domestic U.S. sales.

Yugoslavia ranked first among high-risk countries, the study found. About 13 percent of purchases initiated from that country were fraudulent. By comparison, the fraud rate in the U.S. is about 1.7 percent, according to Cybersource Corp., which sells anti-fraud software.

Many online merchants just avoid global sales all together. A full one-third of medium and large Web sites simply won't sell to international customers, according to a separate recent survey, conducted by Cybersource. International fraud rates are four times higher than domestic rates, the company says.

Despite the high risk of selling overseas -- better than 1 in 10 purchases made from Romania are fraudulent, for example -- the Merchant Risk Council says electronic commerce Web sites shouldn't shy away from the potential revenue source. The council is a consortium of 1,500 companies that do business on the Web.

"Our recommendation is you should always ship internationally," said Julie Ferguson, a council board member. "But if you are shipping to a higher risk location you ought to mark it for review."

What companies can do
Bruce Frymire, spokesman for Cybersource, says there are steps Web sites can take to protect themselves from international fraudsters. The most brutal is to simply exclude entire countries from even viewing the Web site by blocking a range of Internet address. Fraud scrubbing software, which uses formulas to estimate risk for each transaction, are also used. Purchases made from higher-risk countries are assigned a higher fraud score.

"It's an enormous and fast growing market. If you want to be a leader, you don't just walk away from it," Frymire said. "You find a way to do it."

The Merchants Risk Council study ignored the billing and shipping addresses used during the transaction. Instead, researchers determined the Internet address of the computer which placed the order, which generally provides a rough geographic location for that computer.

But there is no sure-fire way to establish an Internet users' country of origin, says Dan Clements, who operates credit card fraud watch Web site CardCops.com. Clever criminals can hijack computers from other countries, or mask the Internet address, he said.

"These guys are that smart," he said. "Many don't even bother trying to order from Eastern block nations like Belarus [that] they know they are blacklisted. They just find a proxy in another country, and it looks like they are coming from that location."

Criminals also use satellite delivered Internet access to get around location-based fraud detection, Ferguson said. Many frauds now appear to originate from a satellite service in Denmark, for example, but the users could be connecting from anywhere.

Still, that's probably overkill by the con artists, said Ferguson, since many merchants still don't take basic anti-fraud steps like checking the location of the consumer ordering the merchandise. Only 28 percent of the associations' members did so in 2003, she said.

The persistently high fraud rates -- and lack of inexpensive, effective fraud-fighting tools --has really put a damper on the notion that electronic commerce is truly global, said Gartner analyst and fraud expert Avivah Litan.

"Everybody said the Internet would level the playing field, that every mom and pop store could compete with the IBMs of the world, and have access to the same customers," she said. "That's simply not true at all, and one big reason is fraud. The big companies can afford to put in some kind of controls, but the small companies just can't."

In fact, each year, more than 10 percent of e-commerce sites that sell overseas stop doing so, Litan says, because of high fraud rates. One e-commerce firm she spoke to experienced fraud rates as high as 90 percent from Indonesia.